[Deploying Sakai] Sakai over HTTPS + HAPROXY
Miguel Carro Pellicer
mcarro at entornosdeformacion.com
Wed Jan 21 08:22:28 PST 2015
Thank you so much for your response Sam,
The referenced IPs are in a private network,
X.X.X.X are private IPs
XXXXX are the domain names.
X-Forwarded-Proto is set to https
The weird thing is all the portal works fine except that particular tools :(
We're moving an instance from Apache+Tomcat environment to HAPROXY+Tomcat
Miguel
El 21/01/2015 a las 17:15, Sam Ottenhoff escribió:
> X-Forwarded-Proto set to HTTPS is the key.
>
> https://confluence.sakaiproject.org/display/DOC/Sakai+Admin+Guide+-+Advanced+Tomcat++%28and+Apache%29+Configuration
>
> Commenting our your IPs make this more difficult to debug. Are your
> Tomcat IPs referenced in HAproxy on a public or private network?
>
> On Wed, Jan 21, 2015 at 11:12 AM, Miguel Carro Pellicer
> <mcarro at entornosdeformacion.com
> <mailto:mcarro at entornosdeformacion.com>> wrote:
>
> Hi Subscribers,
>
> Are someone using Sakai over HTTPS using HAPROXY? I have a weird
> problem with this configuration, some tools are not rendering
> properly because says they are under HTTP, despite the iframe is
> loaded under HTTPS....
>
> The tools are gradebook, sections, chat, site-manage-participants,
> sitestats, sections....and some developed by myself using Wicket
> 6. I configured force.url.secure=443 and all the URLs are over HTTPS.
>
> The problem is because we're trying to use HAPROXY as webserver,
> the connection between users and HAPROXY is over HTTPS, then
> HAPROXY communicates with tomcat using HTTP.
>
> Here is the HA configuration:
>
> # BALANCER HTTPS LOGS
> frontend https
> bind X.X.X.X:443 ssl crt /etc/ssl/private/X.pem
> option dontlognull
> reqadd X-Forwarded-Proto:\ https
> default_backend sakai_https
> use_backend sakai_https if { ssl_fc_sni XXXXX }
> use_backend sakai_https if { ssl_fc_sni XXXXX }
> backend sakai_https
> mode http
> #http-request set-header X-Forwarded-Proto https if { ssl_fc }
> #http-request set-header X-Forwarded-Proto https if !{ ssl_fc }
> redirect scheme https if !{ ssl_fc }
> balance source
> option http-server-close
> option forwardfor header X-Real-IP
> timeout connect 30000
> timeout server 30000
> rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2
> rspirep ^(set-cookie:.*) \1;\ Secure
> retries 2
> option httpchk HEAD /content/monty/3e3e4r5tw.html HTTP/1.0
> server sakai01 X.X.X.X:8080 check inter 5000
> server sakai02 X.X.X.X:8080 check inter 50000
>
>
>
> Thanks for any help, Miguel
>
> --
> Logo
>
> Miguel Carro
> Pellicer<http://es.linkedin.com/pub/miguel-carro-pellicer/38/502/b92>
> /CTO Entornos de Formación S.L./
>
> Phone: +34 - 686266485
> Email: mcarro at entornosdeformacion.com
> <mailto:mcarro at entornosdeformacion.com>
>
> No me imprimas si no es necesario. Protejamos el medio ambiente
>
>
> AVISO LEGAL: El contenido de este mensaje de correo electrónico,
> incluidos los ficheros adjuntos, es confidencial y está protegido
> por el artículo 18.3 de la Constitución Española, que garantiza el
> secreto de las comunicaciones.
> Si usted recibe este mensaje por error, por favor póngase en
> contacto con el remitente para informarle de este hecho, y no
> difunda su contenido ni haga copias.
> *** Este mensaje ha sido verificado con herramientas de
> eliminación de virus y contenido malicioso ***
> Este aviso legal ha sido incorporado automáticamente al mensaje.
>
>
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> <mailto:production at collab.sakaiproject.org>
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org
> <mailto:production-unsubscribe at collab.sakaiproject.org> with a
> subject of "unsubscribe"
>
>
--
Miguel Carro Pellicer
Logo
Miguel Carro
Pellicer<http://es.linkedin.com/pub/miguel-carro-pellicer/38/502/b92>
/CTO Entornos de Formación S.L./
Phone: +34 - 686266485
Email: mcarro at entornosdeformacion.com
<mailto:mcarro at entornosdeformacion.com>
No me imprimas si no es necesario. Protejamos el medio ambiente
AVISO LEGAL: El contenido de este mensaje de correo electrónico,
incluidos los ficheros adjuntos, es confidencial y está protegido por el
artículo 18.3 de la Constitución Española, que garantiza el secreto de
las comunicaciones.
Si usted recibe este mensaje por error, por favor póngase en contacto
con el remitente para informarle de este hecho, y no difunda su
contenido ni haga copias.
*** Este mensaje ha sido verificado con herramientas de eliminación de
virus y contenido malicioso ***
Este aviso legal ha sido incorporado automáticamente al mensaje.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20150121/168d7036/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 8726 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/168d7036/attachment-0002.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1103 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/168d7036/attachment-0003.jpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: entornos_logo.jpg
Type: image/jpeg
Size: 8726 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/168d7036/attachment-0002.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin.jpg
Type: image/jpeg
Size: 1103 bytes
Desc: not available
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20150121/168d7036/attachment-0003.jpg
More information about the production
mailing list